Accelerated Tunnel Mode Ipsec; To Configure Hardware Accelerated Tunnel Mode Ipsec - Fortinet FortiGate FortiGate-ASM-FB4 Technical Note

Accelerated tunnel mode IPSec

Accelerated tunnel mode IPSec
18
• Accelerated interface mode IPSec
The following steps create a hardware accelerated tunnel mode IPSec tunnel
between two FortiGate units, each containing a FortiGate-ASM-FB4 module.

To configure hardware accelerated tunnel mode IPSec

1 On FortiGate_1, go to VPN > IPSec.
2 Configure Phase 1.
For tunnel mode IPSec and for hardware acceleration, specifying the Local
Gateway IP is required.
Select Advanced. In the Local Gateway IP section, select Specify and type the
VPN IP address 3.3.3.2, which is the IP address of FortiGate_2's FortiGate-ASM-
FB4 module port 2.
3 Configure Phase 2.
If you enable the checkbox "Enable replay detection," set enc-offload-
antireplay to enable in the CLI. For details on encryption and decryption
offloading options available in the CLI, see
4 Go to Firewall > Policy.
5 Configure one policy to apply the Phase 1 IPSec tunnel you configured in step
traffic between FortiGate-ASM-FB4 module ports 1 and 2.
6 Go to Router > Static.
7 Configure a static route to route traffic destined for FortiGate_2's protected
network to VPN IP address of FortiGate_2's VPN gateway, 3.3.3.2, through the
FortiGate-ASM-FB4 module's port 2 (device).
You can also configure the static route using the following CLI commands:
config router static
edit 2
set device "AMC-SW1/2"
set dst 2.2.2.0 255.255.255.0
set gateway 3.3.3.2
next
end
8 On FortiGate_2, go to VPN > IPSec.
9 Configure Phase 1.
For tunnel mode IPSec and for hardware acceleration, specifying the Local
Gateway IP is required.
Select Advanced. In the Local Gateway IP section, select Specify and type the
VPN IP address 3.3.3.1, which is the IP address of FortiGate_1's FortiGate-ASM-
FB4 module port 2.
"config system npu" on page
FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
Examples
15.
2 to